Vulnerability Summary for the Week of February 11, 2008

Released
Feb 19, 2008
Document ID
SB08-049

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
A-blog -- A-BlogSQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
unknown
2008-02-11
7.5CVE-2008-0677
MILW0RM
ACDsee -- Photo ManagerBuffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file. NOTE: this might be the same as CVE-2007-6009.
unknown
2008-02-11
9.3CVE-2008-0715
OTHER-REF
FRSIRT
SECUNIA
Adobe -- Acrobat
Adobe -- Acrobat Reader
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
unknown
2008-02-12
9.3CVE-2007-5659
IDEFENSE
OTHER-REF
CERT
CERT-VN
Adobe -- Acrobat
Adobe -- Acrobat Reader
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
unknown
2008-02-12
9.3CVE-2007-5663
IDEFENSE
OTHER-REF
CERT-VN
CERT
Adobe -- Acrobat
Adobe -- Acrobat Reader
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
unknown
2008-02-12
7.2CVE-2007-5666
IDEFENSE
OTHER-REF
CERT
Adobe -- Flash Media Server 2
Adobe -- Connect Enterprise Server
Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests.
unknown
2008-02-13
10.0CVE-2007-6148
IDEFENSE
OTHER-REF
OTHER-REF
BID
SECUNIA
FRSIRT
SECTRACK
Adobe -- Flash Media Server 2
Adobe -- Connect Enterprise Server
Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation.
unknown
2008-02-13
10.0CVE-2007-6149
IDEFENSE
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
FRSIRT
SECTRACK
Adobe -- Flash Media Server 2
Adobe -- Connect Enterprise Server
Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149.
unknown
2008-02-13
10.0CVE-2007-6431
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
FRSIRT
SECTRACK
Apple -- Mac OS XUnspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.
unknown
2008-02-12
10.0CVE-2008-0040
APPLE
OTHER-REF
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mobile SafariMobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information.
unknown
2008-02-12
7.1CVE-2008-0729
BUGTRAQ
BID
XF
Apple -- QuicktimeMultiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
unknown
2008-02-14
7.5CVE-2008-0778
BUGTRAQ
MILW0RM
BID
auraCMS -- AuraCMSSQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
unknown
2008-02-12
10.0CVE-2008-0735
MILW0RM
BookmarkX -- ScriptSQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.
unknown
2008-02-11
7.5CVE-2008-0695
MILW0RM
Brooks Internet Software -- RPM Remote Print Manager Elite
Brooks Internet Software -- RPM Remote Print Manager Select
Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a "Receive data file" LPD command. NOTE: some of these details are obtained from third party information.
unknown
2008-02-13
10.0CVE-2008-0766
OTHER-REF
FRSIRT
SECUNIA
XF
Cacti -- CactiMultiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
unknown
2008-02-14
7.5CVE-2008-0785
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote attackers to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
unknown
2008-02-14
7.5CVE-2008-0026
CISCO
BID
Cisco -- Session Initiation Protocol (SIP) firmware
Cisco -- Skinny Client Control Protocol (SCCP) firmware
Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.
unknown
2008-02-14
7.8CVE-2008-0526
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Session Initiation Protocol (SIP) firmware
Cisco -- Skinny Client Control Protocol (SCCP) firmware
The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.
unknown
2008-02-14
7.8CVE-2008-0527
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Session Initiation Protocol (SIP) firmware
Cisco -- Skinny Client Control Protocol (SCCP) firmware
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.
unknown
2008-02-14
10.0CVE-2008-0528
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Session Initiation Protocol (SIP) firmware
Cisco -- Skinny Client Control Protocol (SCCP) firmware
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
unknown
2008-02-14
10.0CVE-2008-0529
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Session Initiation Protocol (SIP) firmware
Cisco -- Skinny Client Control Protocol (SCCP) firmware
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.
unknown
2008-02-14
10.0CVE-2008-0530
CISCO
BID
FRSIRT
SECUNIA
XF
Cisco -- Session Initiation Protocol (SIP) firmware
Cisco -- Skinny Client Control Protocol (SCCP) firmware
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.
unknown
2008-02-14
9.3CVE-2008-0531
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Clam Anti-Virus -- ClamAVInteger overflow in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
unknown
2008-02-12
10.0CVE-2008-0318
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
Clam Anti-Virus -- ClamAVlibclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
unknown
2008-02-12
10.0CVE-2008-0728
OTHER-REF
FRSIRT
SECUNIA
COWON America -- jetAudio BasicStack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.
unknown
2008-02-13
9.3CVE-2008-0747
BUGTRAQ
MILW0RM
BID
SECUNIA
CS Team -- Counter Strike PortalSQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.
unknown
2008-02-12
7.5CVE-2008-0733
BUGTRAQ
BID
Cyan Soft -- cyanPrintIP Workstation
Cyan Soft -- cyanPrintIP Basic
Cyan Soft -- cyanPrintIP Professional
Cyan Soft -- cyanPrintIP Standard
Cyan Soft -- Opium4 OPI Server
Cyan Soft -- cyanPrintIP Easy OPI
Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.
unknown
2008-02-13
7.5CVE-2008-0755
OTHER-REF
BID
SECUNIA
DomPHP -- DomPHPDirectory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-02-13
7.5CVE-2008-0745
MILW0RM
BID
Fortinet -- FortiClientThe fortimon.sys device driver in Fortinet FortiClient 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.
unknown
2008-02-14
7.2CVE-2008-0779
BUGTRAQ
BID
GNOME -- GnumericThe excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
unknown
2008-02-11
9.3CVE-2008-0668
OTHER-REF
OTHER-REF
FEDORA
FEDORA
BID
FRSIRT
SECUNIA
SECUNIA
GENTOO
HP -- Storage Essentials SRM Enterprise
HP -- Storage Essentials SRM Standard
Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.
unknown
2008-02-11
10.0CVE-2008-0215
HP
BID
FRSIRT
SECTRACK
SECUNIA
Husrev -- BlackboardSQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
unknown
2008-02-13
7.5CVE-2008-0750
BUGTRAQ
BID
SECUNIA
XF
IBM -- DB2IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
unknown
2008-02-12
10.0CVE-2007-3676
IDEFENSE
SECTRACK
IBM -- DB2IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
unknown
2008-02-11
7.5CVE-2008-0696
OTHER-REF
FRSIRT
SECUNIA
IBM -- DB2Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
unknown
2008-02-11
7.2CVE-2008-0697
OTHER-REF
FRSIRT
SECUNIA
IBM -- DB2Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
unknown
2008-02-11
7.8CVE-2008-0698
OTHER-REF
FRSIRT
SECUNIA
IBM -- DB2Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before 8.2 Fixpak 16 has unknown impact and attack vectors.
unknown
2008-02-11
10.0CVE-2008-0699
OTHER-REF
FRSIRT
SECUNIA
IBM -- WebSphere Application ServerUnspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.
unknown
2008-02-12
10.0CVE-2008-0741
OTHER-REF
AIXAPAR
FRSIRT
SECTRACK
SECUNIA
IBM -- Informix Dynamic Server
IBM -- Informix Storage Manager
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
unknown
2008-02-13
10.0CVE-2008-0768
AIXAPAR
AIXAPAR
SECTRACK
XF
ibProArcade -- ibProArcadeSQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.
unknown
2008-02-13
7.5CVE-2008-0770
MILW0RM
FRSIRT
iTechScripts -- iTechClassifiedsSQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
unknown
2008-02-11
7.5CVE-2008-0685
BUGTRAQ
BID
SECUNIA
iTechScripts -- iTechBidsSQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
unknown
2008-02-11
7.5CVE-2008-0692
MILW0RM
iTechScripts -- iTechBidsSQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
unknown
2008-02-13
7.5CVE-2008-0776
MILW0RM
BID
SECUNIA
Joomla -- com_noticiasSQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action.
unknown
2008-02-11
7.5CVE-2008-0670
MILW0RM
BID
Joomla -- com_marketplaceSQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.
unknown
2008-02-11
7.5CVE-2008-0689
MILW0RM
Joomla -- com_directorySQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.
unknown
2008-02-11
7.5CVE-2008-0690
MILW0RM
Joomla -- com_gallery
Mambo -- com_gallery
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
unknown
2008-02-13
7.5CVE-2008-0746
MILW0RM
VIM
VIM
BID
Joomla -- com_neogallery
Mambo -- com_neogallery
SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.
unknown
2008-02-13
7.5CVE-2008-0752
MILW0RM
BID
XF
Joomla -- com_rapidrecipeMultiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action.
unknown
2008-02-13
7.5CVE-2008-0754
BUGTRAQ
Joomla -- com_pcchessSQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.
unknown
2008-02-13
7.5CVE-2008-0761
MILW0RM
Joomla -- com_iomezunSQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
unknown
2008-02-13
7.5CVE-2008-0762
BUGTRAQ
Joomla -- com_doc
Mambo -- com_doc
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
unknown
2008-02-13
7.5CVE-2008-0772
MILW0RM
BID
Joovili -- JooviliPHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
unknown
2008-02-12
10.0CVE-2008-0743
BUGTRAQ
BID
Larson Software Technology -- Network Print ServerStack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114.
unknown
2008-02-13
10.0CVE-2008-0763
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Larson Software Technology -- Network Print ServerFormat string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.
unknown
2008-02-13
10.0CVE-2008-0764
OTHER-REF
BID
FRSIRT
SECUNIA
XF
LI-Scripts -- LI-CountdownSQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter.
unknown
2008-02-14
7.5CVE-2008-0789
BUGTRAQ
BID
Limbo CMS -- Limbo CMSSQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.
unknown
2008-02-12
7.5CVE-2008-0734
MILW0RM
BID
XF
Linux -- KernelThe vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
unknown
2008-02-12
7.2CVE-2008-0600
MILW0RM
MLIST
MLIST
MLIST
MLIST
MLIST
BUGTRAQ
OTHER-REF
DEBIAN
FEDORA
FEDORA
MANDRIVA
MANDRIVA
REDHAT
SUSE
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
Mambo -- com_neoreferences
Joomla -- com_neoreferences
SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2008-02-11
7.5CVE-2008-0686
MILW0RM
BID
SECUNIA
XF
Mambo -- com_sermonSQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
unknown
2008-02-11
7.5CVE-2008-0721
MILW0RM
Microsoft -- office macos
Microsoft -- Visual Basic
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
unknown
2008-02-12
10.0CVE-2007-0065
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Works
Microsoft -- Office
Microsoft -- Works Suite
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
unknown
2008-02-12
9.3CVE-2007-0216
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- IISUnspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
unknown
2008-02-12
7.2CVE-2008-0074
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- IISUnspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
unknown
2008-02-12
10.0CVE-2008-0075
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
unknown
2008-02-12
9.3CVE-2008-0076
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Internet ExplorerUse-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
unknown
2008-02-12
9.3CVE-2008-0077
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
IDEFENSE
BUGTRAQ
OTHER-REF
CERT-VN
Microsoft -- Internet Explorer
Microsoft -- ActiveX
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
unknown
2008-02-12
9.3CVE-2008-0078
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- WebDAV Mini-RedirectorHeap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
unknown
2008-02-12
10.0CVE-2008-0080
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- windows-ntUnspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet.
unknown
2008-02-12
7.8CVE-2008-0084
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- PublisherUnspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
unknown
2008-02-12
10.0CVE-2008-0102
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- office macos
Microsoft -- Office
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
unknown
2008-02-12
9.3CVE-2008-0103
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Publisher
Microsoft -- Office
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
unknown
2008-02-12
9.3CVE-2008-0104
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Works
Microsoft -- Office
Microsoft -- Works Suite
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
unknown
2008-02-12
9.3CVE-2008-0105
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Works
Microsoft -- Office
Microsoft -- Works Suite
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
unknown
2008-02-12
9.3CVE-2008-0108
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Office
Microsoft -- Word
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
unknown
2008-02-12
9.3CVE-2008-0109
MS
CERT
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
BUGTRAQ
MicroTik -- RouterOSSNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
unknown
2008-02-11
7.8CVE-2008-0680
MILW0RM
SECUNIA
OTHER-REF
FRSIRT
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
unknown
2008-02-08
10.0CVE-2008-0419
OTHER-REF
OTHER-REF
BUGTRAQ
BUGTRAQ
OTHER-REF
DEBIAN
DEBIAN
DEBIAN
REDHAT
REDHAT
REDHAT
UBUNTU
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
Mozilla -- FirefoxUnspecified vulnerability in Mozilla Firefox, as used in Ubuntu 6.06 through 7.10 and possibly other distributions, allows remote attackers to obtain sensitive information via a crafted BMP file.
unknown
2008-02-11
7.5CVE-2008-0420
UBUNTU
SECUNIA
Novell -- Novell clientMultiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954.
unknown
2008-02-13
10.0CVE-2007-6701
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Novell -- Novell clientStack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.
unknown
2008-02-13
10.0CVE-2008-0639
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
BUGTRAQ
Novell -- AppArmorThe Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task.
unknown
2008-02-12
7.5CVE-2008-0731
SUSE
SECUNIA
osCommerce -- Customer Testimonials
osCommerce -- osCommerce
SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.
unknown
2008-02-11
7.5CVE-2008-0719
MILW0RM
BID
SECUNIA
Phil Taylor -- Comments
Phil Taylor -- Review Script
Joomla -- com_comments
Mambo -- com_comments
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-13
7.5CVE-2008-0773
MILW0RM
PowerScripts -- PowerNewsMultiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
unknown
2008-02-12
7.5CVE-2008-0742
BUGTRAQ
MILW0RM
BID
PreProjects.com -- Pre Hotels & Resorts Management SystemSQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.
unknown
2008-02-12
7.5CVE-2008-0744
BUGTRAQ
BID
XF
Print Manager Plus -- Client Billing and AuthenticationStack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101.
unknown
2008-02-11
7.8CVE-2008-0693
OTHER-REF
SECUNIA
FRSIRT
ShoppingTree -- CandyPress StoreSQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.
unknown
2008-02-12
7.5CVE-2008-0737
BUGTRAQ
MILW0RM
OTHER-REF
BID
SECUNIA
ShoppingTree -- CandyPress StoreMultiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-12
7.5CVE-2008-0738
OTHER-REF
SECUNIA
ShoppingTree -- CandyPress StoreSQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.
unknown
2008-02-12
7.5CVE-2008-0739
OTHER-REF
SECUNIA
Site2Nite -- Real Estate WebMultiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
unknown
2008-02-13
7.5CVE-2008-0771
BUGTRAQ
BID
SECUNIA
XF
Sony -- AxRUploadServer_ActiveX_Control
Sony -- ImageStation
Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information.
unknown
2008-02-13
10.0CVE-2008-0748
BUGTRAQ
BUGTRAQ
MILW0RM
MILW0RM
BID
FRSIRT
SECUNIA
South River Technologies -- Titan FTP ServerMultiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
unknown
2008-02-11
9.3CVE-2008-0702
BUGTRAQ
MILW0RM
BID
FRSIRT
SECUNIA
The Everything Development Company -- The Everything Development EngineSQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter.
unknown
2008-02-11
7.5CVE-2008-0675
BUGTRAQ
MILW0RM
BID
TinTin -- TinTin++
TinTin -- WinTin++
Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.
unknown
2008-02-11
10.0CVE-2008-0671
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
TinTin -- TinTin++
TinTin -- WinTin++
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.
unknown
2008-02-11
7.5CVE-2008-0673
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Titan -- FTP_ServerMultiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702.
unknown
2008-02-11
10.0CVE-2008-0725
SECUNIA
VWar -- Virtual WarSQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
unknown
2008-02-13
7.5CVE-2008-0753
BUGTRAQ
BID
WordPress -- WordspewSQL injection vulnerability in wordspew-rss.php in the Wordspew plugin for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-11
7.5CVE-2008-0682
MILW0RM
SECUNIA
WordPress -- st_newsletter pluginSQL injection vulnerability in shiftthis-preview.php in the st_newsletter plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
unknown
2008-02-11
7.5CVE-2008-0683
MILW0RM
Youtube -- Clone ScriptCross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter.
unknown
2008-02-11
7.5CVE-2008-0687
BUGTRAQ
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
A-blog -- A-BlogCross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
unknown
2008-02-11
4.3CVE-2008-0676
MILW0RM
Adobe -- RoboHelpCross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280.
unknown
2008-02-14
4.3CVE-2008-0642
OTHER-REF
BID
FRSIRT
SECUNIA
Adobe -- Acrobat ReaderThe DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
unknown
2008-02-11
5.0CVE-2008-0667
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
CERT
Adobe -- Acrobat
Adobe -- Acrobat Reader
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
unknown
2008-02-12
6.8CVE-2008-0726
OTHER-REF
OTHER-REF
BUGTRAQ
Affiliate Market -- Affiliate MarketDirectory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
unknown
2008-02-14
6.4CVE-2008-0794
MILW0RM
Apache Software Foundation -- TomcatApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
unknown
2008-02-11
5.0CVE-2007-5333
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
OTHER-REF
FRSIRT
SECUNIA
SECUNIA
Apache Software Foundation -- TomcatApache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
unknown
2008-02-11
4.3CVE-2007-6286
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Apache Software Foundation -- TomcatApache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
unknown
2008-02-11
5.8CVE-2008-0002
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Apple -- Mac OS XX11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.
unknown
2008-02-12
4.3CVE-2008-0037
APPLE
OTHER-REF
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- MailUnspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
unknown
2008-02-12
6.8CVE-2008-0039
APPLE
OTHER-REF
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS XParental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.
unknown
2008-02-12
5.0CVE-2008-0041
APPLE
OTHER-REF
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS XArgument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.
unknown
2008-02-12
6.8CVE-2008-0042
APPLE
OTHER-REF
CERT
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Artmedic Webdesign -- Artmedic WeblogMultiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to index.php.
unknown
2008-02-13
4.3CVE-2008-0765
BUGTRAQ
BID
BlogPHP -- BlogPHPSQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
unknown
2008-02-11
6.8CVE-2008-0678
MILW0RM
SECUNIA
BlogPHP -- BlogPHPCross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
unknown
2008-02-11
4.3CVE-2008-0679
MILW0RM
SECUNIA
Cacti -- CactiMultiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via the (1) view_type parameter to graph.php, (2) filter parameter to graph_view.php, and (3) action and login_username parameters to index.php/login.
unknown
2008-02-14
4.3CVE-2008-0783
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Cacti -- Cactigraph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
unknown
2008-02-14
5.0CVE-2008-0784
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Cacti -- CactiCRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
unknown
2008-02-14
4.3CVE-2008-0786
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Calimero.CMS -- Calimero.CMSCross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-13
4.3CVE-2008-0749
OTHER-REF
BID
Crux Software -- CruxCMSCross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-11
4.3CVE-2008-0700
BID
Cyan Soft -- cyanPrintIP Workstation
Cyan Soft -- cyanPrintIP Basic
Cyan Soft -- cyanPrintIP Professional
Cyan Soft -- cyanPrintIP Standard
Cyan Soft -- Opium4 OPI Server
Cyan Soft -- cyanPrintIP Easy OPI
The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.
unknown
2008-02-13
5.0CVE-2008-0756
OTHER-REF
BID
SECUNIA
ExtremeZ-IP -- File Server
ExtremeZ -- Print Server
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.
unknown
2008-02-13
5.0CVE-2008-0767
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
F-Secure -- F-Secure Protection Service for Business
F-Secure -- F-Secure Anti-Virus Client Security
F-Secure -- F-Secure Anti-Virus for Workstations
F-Secure -- F-Secure Anti-Virus for Linux
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- F-Secure Protection Service for Consumers
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
unknown
2008-02-14
5.8CVE-2008-0792
OTHER-REF
SECUNIA
FreeBSD -- FreeBSDThe sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
unknown
2008-02-14
4.9CVE-2008-0777
FREEBSD
BID
SECTRACK
SECUNIA
Group_Logic -- ExtremeZ-IP Print Server
Group_Logic -- ExtremeZ-IP File Server
Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.
unknown
2008-02-13
5.0CVE-2008-0758
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Group_Logic -- ExtremeZ-IP Print Server
Group_Logic -- ExtremeZ-IP File Server
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
unknown
2008-02-13
5.0CVE-2008-0759
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
IBM -- DB2 Universal DatabaseUntrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.
unknown
2008-02-12
6.9CVE-2007-5757
IDEFENSE
OTHER-REF
SECTRACK
IBM -- OS_400Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
unknown
2008-02-11
4.3CVE-2008-0694
AIXAPAR
FRSIRT
SECUNIA
IBM -- Websphere Edge ServerCross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.
unknown
2008-02-11
4.3CVE-2008-0717
OTHER-REF
FRSIRT
SECUNIA
SECTRACK
Intermate -- WinIPDSDirectory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
unknown
2008-02-14
5.0CVE-2008-0790
BUGTRAQ
OTHER-REF
BID
SECUNIA
Intermate -- WinIPDSipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.
unknown
2008-02-14
5.0CVE-2008-0791
BUGTRAQ
OTHER-REF
BID
SECUNIA
iTechScripts -- iTechClassifiedsCross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.
unknown
2008-02-11
4.3CVE-2008-0684
BUGTRAQ
BID
SECUNIA
Level Platforms -- Managed Workplace Service CenterLevel Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
unknown
2008-02-12
5.0CVE-2008-0636
BUGTRAQ
BID
Linux -- KernelLinux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.
unknown
2008-02-12
4.4CVE-2008-0163
DEBIAN
BID
SECUNIA
Magnolia -- CEActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.
unknown
2008-02-11
5.0CVE-2008-0701
OTHER-REF
OTHER-REF
SECUNIA
MercuryBoard -- MercuryBoard Message BoardCross-site scripting (XSS) vulnerability in index.php in MercuryBoard 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter (aka the message text area), which leads to an injection in the messenger during private message (PM) preview. NOTE: some of these details are obtained from third party information.
unknown
2008-02-13
4.3CVE-2008-0757
OTHER-REF
BID
SECUNIA
Microsoft -- Windows Server 2000
Microsoft -- Windows Server 2003
Microsoft -- windows-nt
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
unknown
2008-02-12
6.8CVE-2008-0088
MS
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Internet Explorer
S9Y -- Serendipity Freetag-plugin
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.
unknown
2008-02-13
4.3CVE-2008-0751
FULLDISC
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Mihalism -- Multi HostSQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.
unknown
2008-02-11
6.8CVE-2008-0714
MILW0RM
BID
SECUNIA
XF
MoinMoin -- MoinMoinCross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
unknown
2008-02-14
4.3CVE-2008-0780
OTHER-REF
OTHER-REF
OTHER-REF
MoinMoin -- MoinMoinMultiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
unknown
2008-02-14
4.3CVE-2008-0781
OTHER-REF
OTHER-REF
MoinMoin -- MoinMoinDirectory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to read arbitrary files via ".." sequences in the user ID in a cookie.
unknown
2008-02-14
5.0CVE-2008-0782
OTHER-REF
Mozilla -- FirefoxMultiple unspecified vulnerabilities in Mozilla Firefox, as used in Ubuntu 6.06 through 7.10 and possibly other distributions, allow remote attackers to conduct cross-site scripting (XSS) attacks via unknown vectors related to character encoding.
unknown
2008-02-11
4.3CVE-2008-0416
UBUNTU
DEBIAN
DEBIAN
DEBIAN
SECUNIA
SECUNIA
SECUNIA
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 allows user-assisted remote attackers to cause users to confirm a timer-enabled security dialog by using a timer to change the window focus.
unknown
2008-02-08
4.3CVE-2008-0591
OTHER-REF
OTHER-REF
OTHER-REF
BUGTRAQ
BUGTRAQ
OTHER-REF
DEBIAN
DEBIAN
DEBIAN
REDHAT
REDHAT
REDHAT
UBUNTU
BID
FRSIRT
FRSIRT
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
unknown
2008-02-08
5.0CVE-2008-0593
OTHER-REF
OTHER-REF
BUGTRAQ
OTHER-REF
DEBIAN
DEBIAN
DEBIAN
REDHAT
REDHAT
REDHAT
UBUNTU
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MyBB -- MyBBMultiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) delete threads as moderators or administrators via a do_multideletethreads action to moderation.php and (2) delete private messages (PM) as arbitrary users via a delete action to private.php.
unknown
2008-02-14
4.3CVE-2008-0788
BUGTRAQ
OTHER-REF
SECUNIA
MyBulletinBoard -- MyBulletinBoardSQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
unknown
2008-02-14
6.5CVE-2008-0787
MILW0RM
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
OpenLDAP -- OpenLDAPslapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
unknown
2008-02-13
6.5CVE-2008-0658
OTHER-REF
OTHER-REF
SECUNIA
SECUNIA
OTHER-REF
BID
FRSIRT
SECUNIA
OpenText -- Livelink ECMCross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
unknown
2008-02-13
4.3CVE-2008-0769
FULLDISC
OTHER-REF
BID
SECUNIA
XF
Pagetool -- PagetoolCross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-11
4.3CVE-2008-0722
BID
phpShop -- phpShopSQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
unknown
2008-02-11
6.8CVE-2008-0681
BUGTRAQ
MILW0RM
BID
Planetluc -- MyNewsCross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.
unknown
2008-02-11
4.3CVE-2008-0723
FULLDISC
FULLDISC
BID
SafeNet -- Sentinel Protection Server
SafeNet -- Sentinel Keys Server
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.
unknown
2008-02-13
5.0CVE-2008-0760
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
sflog -- sflogMultiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
unknown
2008-02-11
5.0CVE-2008-0703
BUGTRAQ
MILW0RM
BID
XF
ShoppingTree -- CandyPress Storeadmin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
unknown
2008-02-12
5.0CVE-2008-0736
BUGTRAQ
MILW0RM
OTHER-REF
BID
Sift -- UnityCross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-11
4.3CVE-2008-0669
BID
SECUNIA
Simon Elvery -- WP-Footnotes
WordPress -- WP-Footnotes
Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.
unknown
2008-02-11
4.3CVE-2008-0691
BUGTRAQ
BID
Simple Machines -- SMF ShoutboxCross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
unknown
2008-02-13
4.3CVE-2008-0775
BUGTRAQ
BID
SECUNIA
Smartscript -- Domain TraderCross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action.
unknown
2008-02-11
4.3CVE-2008-0688
BUGTRAQ
BID
Sun -- SolarisUnspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
unknown
2008-02-11
4.7CVE-2008-0718
SUNALERT
FRSIRT
BID
Sun -- SolarisThe (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.
unknown
2008-02-12
4.6CVE-2008-0730
SUNALERT
FRSIRT
Symantec -- Altiris Notification ServerThe agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack.
unknown
2008-02-11
6.8CVE-2008-0716
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Tendenci -- CMSMultiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE.
unknown
2008-02-14
4.3CVE-2008-0793
OTHER-REF
SECUNIA
The Everything Development Company -- The Everything Development EngineThe Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.
unknown
2008-02-11
5.0CVE-2008-0724
BUGTRAQ
MILW0RM
TinTin -- TinTin++
TinTin -- WinTin++
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
unknown
2008-02-11
5.0CVE-2008-0672
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Webmin -- Usermin
Webmin -- Webmin
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
unknown
2008-02-11
4.3CVE-2008-0720
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- GeronimoThe init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
unknown
2008-02-12
2.1CVE-2008-0732
SUSE
SECUNIA
Apple -- Mac OS XLaunch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
unknown
2008-02-12
1.9CVE-2008-0038
APPLE
OTHER-REF
CERT
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- WebSphere Application ServerIBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file.
unknown
2008-02-12
2.1CVE-2008-0740
OTHER-REF
FRSIRT
Linux -- KernelThe vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
unknown
2008-02-12
2.1CVE-2008-0009
OTHER-REF
OTHER-REF
OTHER-REF
BUGTRAQ
FEDORA
FEDORA
BID
FRSIRT
SECUNIA
SECUNIA
Linux -- KernelThe copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.
unknown
2008-02-12
2.1CVE-2008-0010
OTHER-REF
OTHER-REF
MILW0RM
BUGTRAQ
DEBIAN
FEDORA
FEDORA
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Loris -- Hotel Reservation SystemCross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-13
0.0CVE-2008-0774
BID
SECUNIA
Website META Language -- Website META Languagewml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
unknown
2008-02-11
3.6CVE-2008-0665
OTHER-REF
SECUNIA
DEBIAN
BID
SECUNIA
Website META Language -- Website META LanguageWebsite META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
unknown
2008-02-11
3.6CVE-2008-0666
OTHER-REF
SECUNIA
DEBIAN
BID
SECUNIA

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.